Configure SSO with Okta

Pipedream supports Single Sign-On (SSO) with Okta. This guide shows you how to configure SSO in Pipedream to authenticate with your Okta org.

Requirements

  • SSO is only supported for workspaces on the Business plan. Visit the Pipedream pricing page to upgrade.
  • You must be an administrator of your Pipedream workspace
  • You must have an Okta account

Configuration

Visit your Okta dashboard

In your Okta Admin dashboard, select the Applications section and click Applications below that:

Okta - Application list

Browse App Catalog

Click Browse App Catalog:

Okta - browser app catalog

Search for Pipedream

Search for “Pipedream” and select the Pipedream app:

Okta - Pipedream app

Click Add

Okta - Add Pipedream app

Configure General Settings

Fill out the General Settings that Okta presents, and click Done:

Okta - General Settings

Edit Sign On

Select the Sign On tab, and click Edit at the top right:

Okta - Edit Sign In

Configure Default Relay State

Scroll down to the SAML 2.0 settings. In the Default Relay State section, enter organization_username:

Okta - Default Relay State

Save your configuration

Set any other configuration options you need in that section or in the Credentials Details section, and click Save.

Copy the Identity Provider metadata URL

In the Sign On section, you’ll see a section that includes the setup instructions for SAML:

Okta - SAML

Click the Identity Provider metadata link and copy the URL from your browser’s address bar:

Okta - Identity Metadata URL

Enable SSO in Pipedream

Visit your Pipedream workspace authentication settings. Click the toggle to Enable SSO, then click Edit SSO Configuration, and add the metadata URL in the SAML section and click Save:

Pipedream - SAML Metadata URL

Assign the application to users

Back in Okta, click on the Assignments tab of the Pipedream application. Click on the Assign dropdown and select Assign to People:

Okta - Assign Users

Assign the application to the relevant users in Okta, and Pipedream will configure the associated accounts on our end.

Users configured in your Okta app can log into Pipedream at https://pipedream.com/auth/sso by entering your workspaces’s name (found in your Settings). You can also access your SSO sign in URL directly by visiting https://pipedream.com/auth/org/your-workspace-name, where your-workspace-name is the name of your workspace.

Important details

Before you configure the application in Okta, make sure all your users have matching email addresses for their Pipedream user profile and their Okta profile. Once SSO is enabled, they will not be able to change their Pipedream email address.

If a user’s Pipedream email does not match the email in their IDP profile, they will not be able to log in.

If existing users signed up for Pipedream using an email and password, they will no longer be able to do so. They will only be able to sign in using SSO.